Bitdefender Cannot Detect The New WHQL Rootkits

wwwab
wwwab
edited November 2022 in Security Research Team

I recently discovered the new WHQL Rootkits. Bitdefender and many other anti-virus software providers still cannot detect them. Due to the large number of files and their total size, I can't submit them to Bitdefender according to the normal process. I've tried to contact case that haven't been closed before, but they seem to be out of working hours.

Hash:

f3b017cf469aa4e76b1e9b67c6462a0b5d9ebbfc550c1bf3f65e9ccdf88f2447

d6f7fd346cafc4e7e2227a5ef8dd9ddbbdd83dbc5d139734b03e2c404509cd06

6bf7fb60c2c93dc17ba5dbf24f63d1ede4615fc53e3f6643bd676f2e9c9d4c2b

2088764efe780fcde3a7623b330e8319280c26e481bed8fc3e8726bfddc1ea53

a82794500932cd286b88fec79a8b0e6d9121b135e531da8552333ebb87da834f

547eb802e7bbf40ce6b5e219baad84152677653e92eaefeee7ce4226cf312058

342d7d819f869870a677a3670bbe520fb89389b63c5dd6c68b80fb63117463d3

a1be29cd2a06867c14dca5a621eb73a5428d6a31bbd4182d350e46775ad80cdf

ee75bbe10675a7b8e90072cfac182d65963d927778f0d4c477f6ccc5c9570ac3

b1fde38dcf163f7724ec240d7441b5b75386e9199ecd80dd878bfd9bff6b823b

b7a9bed4c0f1aed75ffc5d2ba14463a8e9b6144c9f07ab4d7c60b127ee145211

8501d07f3834192ed16badc423120445cd15581779020646e1671b5ac81e2fbf

b28abf0b11ed44661b77594430919e8e269169568931d1e530342ac149fb33e6

0522751131368fa007f8ed52209a5b9b4583b82c3fa9af20ad82d575f2c6e711

f9d9d22b9c19f45b8ba74b556a959990586fd2c10f962af34e49d12b94d5d35b

a2d1bfc6686f97d82ff7a7c2e027dd7fdb75a86531c28ed827652722c43e4ee8

d38a206431cdf0ccf3520240a91831e8222f9cf8ecb7104361079eca96c155a4

e398b3818cb784c6efb6b2e80a265429b417ac693f35a3ba155baabab7445511

6c6dbcd53a7e6a4e0dd1458cb417ef472afbb178d457481eda8f85561b9debd4

51f9f9338eb97e9a06d8e78fc7ba61c0e62484bd179b321c4f31c3e69d8ddf84

a0cf4ca6570a7442cce8ea98b62df060ecafc7d8498667d07674b29aaf9b225a

be85725cacdcd1377bd79459c003b3a1b9e2e35ba30544560c19f6634259791a

e20a485993086dec457dff824e8ca7053f6b3cbc75117d63e87c79d537c05c5b

0aa222fe91919a0c9f477d4c68af4de9cffdaf1cc63d96ee7e137a3aaef69530

55b20056f002a1746d73e8b874f1d20c4d179bf5455b9268dc286f2da6b83db2

80951e2f257d8c6b1f94e1c298144a1b4d928399b028fec3eddad2354fbe9773

e1e2b29c575fce4fc8f8a43cc3b13ee31b70acf3336db07b99cfa5bfbf6643cf

b051703a9c6851960849d4fea3311892d4fc3681d6fd2e23d7861f006f2fbfa2

9914a6f768631be401f2af9dd4d36056ecca55d62751aece05ccc2dc0993862e

081e37847d8916cf28b2f8ec172208898bb3b8f44dd5ad97470ca915dadf2f72

9d05061c3b7a62ae365639e0532b4ac6226e3bdd6e9caf0a1166ef80829356bb

Comments

  • Flexx
    Flexx mod
    https://community.bitdefender.com/en/discussion/94119/new-whql-rootkits

    The hashes have been shared with the malware researchers. The post will be updated once an update is recieved.

    Regards

    Life happens, Coffee helps!

    Show your Attitude, when you reach that Altitude!

    Bitdefender Ultimate Security Plus (user)

  • Alexandru_BD
    Alexandru_BD admin

    Thank you @Flexx ! 🤜🤛

    Premium Security & Bitdefender Endpoint Security Tools user

  • Flexx
    Flexx mod
    edited November 2022

    The sent hashes are malicious and detection will be added soon.

    Screenshot 2022-11-16 175446.png


    Regards

    Life happens, Coffee helps!

    Show your Attitude, when you reach that Altitude!

    Bitdefender Ultimate Security Plus (user)

  • wwwab
    wwwab
    edited November 2022

    Well down. This is really good news. Thank you.


    Regards

  • Gjoksi
    Gjoksi Defender of the month mod

    Thanks to @wwwab, ESET can now detect them as malicious:

    https://forum.eset.com/topic/34454-new-whql-rootkits/

    Also, this stands for the other security vendors, which now detect them as malicious:

    https://www.virustotal.com/gui/file/f3b017cf469aa4e76b1e9b67c6462a0b5d9ebbfc550c1bf3f65e9ccdf88f2447

    Kind regards.

  • wwwab
    wwwab
    https://community.bitdefender.com/en/discussion/comment/318177#Comment_318177

    Hi @Flexx

    d93c406fddb17234b31ac7767b145420b8cc74eb33c8df4ada32bcfb271ddea5

    5cd02b515762b7b07771ed6f1b538fdf0962b83940804a52a1bdfe821fec3ed7

    New samples of the WHQL RootKits Bitdefender cannot detect.

    Regards

  • Flexx
    Flexx mod
    edited November 2022
    https://community.bitdefender.com/en/discussion/comment/318204#Comment_318204

    Sorry, was on a long holiday.

    Shared the hashes with the malware reasearch team. In future, you can also share the hashes with @Alexandru_BD or @Mike_BD and they will share it with malware researchers directly and can provide faster resolution on this since they both work for bitdefender.

    Regards

    Life happens, Coffee helps!

    Show your Attitude, when you reach that Altitude!

    Bitdefender Ultimate Security Plus (user)

  • wwwab
    wwwab
    https://community.bitdefender.com/en/discussion/comment/318323#Comment_318323

    Hi @Flexx


    "9beca954da15bd7abfa3389e63af322361a12b7616a734d31d9aecef71f84fad",

    "4b267203d6cbe5ca72f9f47446153ab62a2f99a0ae0788173cfefe61ba936f6d",

    "f2401dd344ef5c65ad674c45e4a5dbc911b0cc6d0c757bd413ffbe715422e080",

    "a46c0cce3b4085d148ce29787509166069a329b044077e7a39c5b0834a2de24d",

    "2e25a5399bf56768684297709e6cce6d12f3a456afccd9954e490a1d6c524603",

    "c823ed1e83337cddb9e43409ed92681590b6d2a251058b221734864233878c92",

    "7bf425b214d0306bd5f9a5855f9bdd5895c523be74f672c346f5d2c859a42fe2",

    "c444e1c6238b13e4e3d6f85269ba721b00460e4252f0b3f7001e859d780248c3",

    "f80246ad1cd3f34b190b5261c3ac3db0496d3e40a38b34203ce02c5ffdd4b46a",

    "07d09c2b6dcd61eb5885bf2a43dbf34e4e18a173c286e5f75adb6cdd7af0a8c6",

    "621fc2c2ca7d6eecb4569d35a5a3d435281862cec803b7f4f8c06199bc6326c8",

    "7987432e06ede9ac618fba0091f5d632e44c48661f298f4010f00a4ca8fb1f14",

    "7a0668988a45cd03dfcf9989e8449bcb02bfb946f95cb3e0faea7c048bfe4995",

    "e470778d290283465993dbccd3c3dc5b1a9a3f84fdc50a8d3537d069ba24f477",

    "c7c03242d68ae59a0d6ae06863d019cb7a1c26bd11334431311df0d5db45753a",

    "0a6116a00f97f37499da064234901c8a4e99a271318724416ff0634846463351",

    "62838d2ed5ea996375e0e6a29b00a6213cc25e89935ef5582cd9c0ebea527558",

    "96a5843d1283647ec94cf77e2197ffd07f909b7cdf3f30e18314a97d9f903e91",

    "874198939fe87d0986fefd97619021e2bfae3e203e0839d5a3b4fec85117567b",

    "14021b3a6eaca0718a03c39b602e12aea2e78d70e0a33dcb3fcc8c66d4f2e167",

    "c27c5b331e8d6410631a03118b49672edc40fd84abd2e4dbdc18db03b9ee9eed",

    "d786c5b9d8c9509d5b52c052534fc747ef604da6ddf34a8207e5fdcd1fd09ff7",

    "91262198d13ea2fe6264c898bd6fcf8f7e3cdebdb144d73adbad6bf13c5d6152",

    "6f7571785987bae5218088860a08c68f8e1fcb82aea48dfe2db4a2a45bf1c0a2",

    "c02b7979be0d931878e35b58223d3bb05fd7913495051c6a9a56b77e96c15cd1",

    "976e74a800fb3905911d6e3701d89bb4b722b067a7f199b0020b8cfafeaa5118",

    "12003a563b4e85a91e71d9c2084e13850a17bd4cac822ef7a592ef1c5302807d",

    "8054bb07b1839bbbb6086cfe95d35f9cc29bc178486e7553d706673ca32fd6a7",

    "7a16217ab07fc6449182071d25612f2be61fb8453382632ade5c566c67853c36",

    "996434920b27f2534fd1197810f391e5d8899dfde94500517b7632f17a8d3d8b",

    "592d4056b36cf298da2403a6afb9a52162f1f377085ca75d11a09bc2f5ae5434",

    "ba96f697c7da94fdc27a9c57292ed82f08f8d6e0e119794a40904cc7d10d0a71",

    "827ff254a8f16247e1e67e756691b4ccbacc6dabc532468e54d3f83ec1f38c26",

    "e000c25ca6138e9bf54528a5f1134e86f4715f4231493d0a42cd64aa6669eb02",

    "b692eaca8a9a1c313f6c23f53f122d2a3b0b5fe1e32563adcbc9a748e85f1f68".


    New samples of the WHQL RootKits Bitdefender cannot detect.


    Regards

  • Flexx
    Flexx mod
    https://community.bitdefender.com/en/discussion/comment/319778#Comment_319778

    Hashes have been shared with the malware researchers.

    Regards

    Life happens, Coffee helps!

    Show your Attitude, when you reach that Altitude!

    Bitdefender Ultimate Security Plus (user)

  • Flexx
    Flexx mod
    https://community.bitdefender.com/en/discussion/comment/319810#Comment_319810

    As checked, detections have been created.

    Regards

    Life happens, Coffee helps!

    Show your Attitude, when you reach that Altitude!

    Bitdefender Ultimate Security Plus (user)

All Time Leaders

Categories

Defenders of the month - March